No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DNS, IP performance optimization, IPv6, DHCPv6, and IPv6 DNS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Proxy ARP

Proxy ARP

Possible Causes

ARP only applies to communication among hosts on both the same network segment and the same physical network. After a switch on a network receives an ARP Request packet from a host, the switch checks whether the destination IP address in the packet is its IP address to determine whether its MAC address is requested. If the destination IP address is its IP address, the switch responds with an ARP Reply packet. If the destination IP address is not its IP address, the switch discards the received ARP Request packet.

For hosts on different physical networks but on the same network segment, or hosts on both the same physical network and the same network segment but cannot communicate at Layer 2, you can configure proxy ARP on the switch between the two networks to allow communication among these hosts. If the proxy ARP-enabled switch detects that the destination IP address in a received ARP Request packet is not its IP address, the switch sends an ARP Reply packet containing its MAC address and the IP address of the destination host to the source host. In this process, the switch responds with an ARP Reply packet for the destination host.

Usage Scenario

Proxy ARP is classified into the following types: routed proxy ARP, proxy ARP anyway, intra-VLAN proxy ARP, and inter-VLAN Proxy ARP. Table 2-1 describes the usage scenarios.

Table 2-1 Proxy ARP usage scenarios

Proxy ARP Type

Usage Scenario

Routed proxy ARP

Two hosts that need to communicate belong to the same network segment but different physical networks (different broadcast domains). The gateways to which hosts are connected have different IP addresses.

Proxy ARP anyway

Two hosts that need to communicate belong to the same network segment but different physical networks (different broadcast domains). The gateways to which hosts are connected have the same IP address.

NOTE:
  • On an interface for which proxy ARP anyway is configured, you need to run the arp direct-route enable command to advertise host routes generated based on ARP entries.

  • After the proxy ARP anyway function is enabled, broadcasting outgoing ARP request packets needs to be blocked.
    • If only ARP request packets need to be broadcast, run the storm suppression broadcast block outbound command on the physical interface where proxy ARP anyway is enabled to block outgoing broadcast packets. For example, if proxy ARP anyway is enabled on a VLANIF interface, run the storm suppression broadcast block outbound command on the VLAN member interface corresponding to the VLANIF interface.
    • If other packets in addition to ARP request packets need to be broadcast, configure an MQC traffic policy to block the broadcast of outgoing ARP request packets and allow other packets to be broadcast.

Intra-VLAN proxy ARP

Two hosts that need to communicate belong to the same network segment on the same physical network and are in the same VLAN, but Layer 2 isolation is configured on ports in the VLAN.

Inter-VLAN proxy ARP

Two hosts that need to communicate belong to the same network segment on the same physical network, but are in different VLANs.

NOTE:
In VLAN aggregation scenarios, inter-VLAN proxy ARP can be enabled on the VLANIF interface corresponding to the super-VLAN to implement communication between sub-VLANs.

Implementation

  • Routed proxy ARP

    If hosts on the same network segment but different physical networks need to communicate while the gateways connecting to these hosts have different addresses, you need to enable routed proxy ARP on the switch interface connecting to the hosts.

    As shown in Figure 2-4, the IP address of Host A is 10.10.10.1/16 and that of Host B is 10.10.11.1/16, and Host A and Host B are located on the same network segment. The Switch connects to two networks through VLANIF 10 and VLANIF 20. The IP addresses of VLANIF 10 and VLANIF 20 are located on different network segments. The IP addresses of Host A and Host B are on the same network segment. When Host A needs to communicate with Host B, Host A broadcasts an ARP Request packet, requesting the MAC address of Host B. However, Host A and Host B are on different physical networks (in different broadcast domains). Host B cannot receive the ARP Request packet sent from Host A and does not respond with an ARP Reply packet.
    Figure 2-4 Routed proxy ARP implementation

    You can enable routed proxy ARP on VLANIF 10 and VLANIF 20 of the Switch to solve this problem.

    1. Host A sends an ARP Request packet for the MAC address of Host B.
    2. After the Switch receives the ARP Request packet, the Switch checks the destination IP address of the packet and finds that it is not its own IP address and determines that the requested MAC address is not its MAC address. The Switch then checks whether there are routes to Host B.
      • If no route to Host B is available, the Switch discards the ARP Request packet sent by Host A.
      • If there is a route to Host B, the Switch checks whether routed proxy ARP is enabled on the packet receiving interface.
        • If routed proxy ARP is enabled, the Switch sends an ARP Replay packet containing the MAC address of VLANIF 10 to Host A.

          After receiving the ARP Replay packet from the Switch, Host A considers the packet as the ARP Replay packet from Host B. Host A learns the MAC address of VLANIF 10 on the Switch and uses this MAC address to send data packets to Host B.

        • If routed proxy ARP is not enabled, the Switch discards the ARP Request packet sent by Host A.
  • Proxy ARP anyway

    In scenarios where servers are partitioned into VMs, to allow flexible deployment and migration of VMs on multiple servers or switches, the common solution is to configure Layer 2 interconnection between multiple switches. However, this approach may lead to larger Layer 2 domains on the network and the risk of broadcast storms. To resolve this problem, the common method is to configure a VM gateway on an access switch and enable proxy ARP anyway on the gateway so that the gateway sends its own MAC address to a source VM and communication between VMs is implemented through route forwarding.

    As shown in Figure 2-5, the IP address of VM1 is 10.10.10.1/24 and the IP address of VM2 is 10.10.10.4/24. VM1 and VM2 are on the same network segment. The two networks are connected through the VLANIF 10 interfaces with the same IP address and MAC address on Switch1 and Switch2, respectively. The IP addresses of VM1 and VM2 are on the same network segment. When VM1 needs to communicate with VM2, it broadcasts an ARP Request packet, requesting the MAC address of VM2. However, VM1 and VM2 are on different physical networks (in different broadcast domains). VM2 cannot receive the ARP Request packet sent from VM1 and does not respond with an ARP Reply packet.
    Figure 2-5 Proxy ARP anyway implementation

    To resolve this problem, you can enable proxy ARP anyway on the VLANIF 10 interfaces on Switch1 and Switch2.

    1. VM1 sends an ARP request message for the MAC address of VM2.
    2. After the Switch1 receives the ARP Request packet, the Switch1 checks the destination IP address of the packet and finds that it is not its own IP address and determines that the requested MAC address is not its MAC address. The Switch1 then checks whether proxy ARP anyway is enabled on VLANIF 10.
      • If proxy ARP anyway is enabled, the Switch1 sends an ARP Replay packet containing the MAC address of VLANIF 10 to VM1.

        After receiving the ARP Replay packet from the Switch1, VM1 considers the packet as the ARP Replay packet from VM2. VM1 learns the MAC address of VLANIF 10 on the Switch1 and uses this MAC address to send data packets to VM2.

      • If proxy ARP anyway is not enabled, the Switch1 discards the ARP Request packet sent by VM1.
    1. VM1 sends an ARP request message for the MAC address of VM2.
    2. After receiving the ARP request message, the PE checks the destination IP address of the message and finds that the requested MAC address is not its own MAC address. The PE then checks whether proxy ARP anyway is enabled on Interface1:
      • If proxy ARP anyway is enabled, the PE sends the MAC address of its interface Interface1 to VM1.
      • If proxy ARP anyway is not enabled, the PE discards the ARP request message sent by VM1.
    3. After learning the MAC address of Interface1, VM1 sends IP datagrams to the PE based on this MAC address.
  • Intra-VLAN proxy ARP

    If the hosts belong to the same VLAN with Layer 2 port isolation configured, intra-VLAN proxy ARP can be enabled on the interfaces associated with the VLAN to allow the hosts to communicate at Layer 3.

    As shown in Figure 2-6, Host A and Host B are connected to the Switch. The two interfaces connected to Host A and Host B belong to VLAN 4 on the Switch. Host A and Host B cannot communicate at Layer 2 because Layer 2 port isolation in a VLAN is configured on the Switch.
    Figure 2-6 Intra-VLAN proxy ARP implementation

    You can enable intra-VLAN proxy ARP on VLANIF 4 of the Switch to solve this problem.

    1. Host A sends an ARP Request packet for the MAC address of Host B.
    2. After receiving the ARP Request packet, the Switch detects that the destination IP address is not its IP address and determines that the requested MAC address is not its MAC address. The Switch then checks whether there is an ARP entry of Host B.
      • If there is an ARP entry that matches Host B and VLAN information in this entry is the same as that in the receiving port, the Switch checks whether intra-VLAN proxy ARP is enabled on the corresponding VLANIF interface.
        • If intra-VLAN proxy ARP is enabled, the Switch sends the MAC address of VLANIF 4 to Host A.

          After receiving the ARP Replay packet from the Switch, Host A considers the packet as the ARP Replay packet from Host B. Host A learns the MAC address of VLANIF 4 on the Switch and uses this MAC address to send data packets to Host B.

        • If intra-VLAN proxy ARP is not enabled, the Switch discards the ARP Request packet sent by Host A.
      • If there is no ARP entry of Host B, the Switch discards the ARP Request packet sent by Host A, and checks whether intra-VLAN proxy ARP is enabled on the packet receiving interface.
        • If intra-VLAN proxy ARP is enabled, the Switch broadcasts the ARP Request packet with the IP address of Host B as the destination IP address within VLAN 4. After the Switch receives an ARP Reply packet from Host B, the Switch generates an ARP entry indicating the mapping between the IP and MAC addresses of Host B.
        • If intra-VLAN proxy ARP is not enabled, the Switch does not perform any operations.
  • Inter-VLAN proxy ARP

    If hosts on the same network segment of the same physical network but in different VLANs need to communicate at Layer 3, you need to enable inter-VLAN proxy ARP on the corresponding VLANIF interfaces.

    As shown in Figure 2-7, Host A and Host B on the same network segment are connected to the Switch, Host A belongs to VLAN 3, and Host B belongs to VLAN 2. Host A and Host B belong to different sub-VLANs, so they cannot communicate at Layer 2.
    Figure 2-7 Inter-VLAN proxy ARP implementation

    You can enable inter-VLAN proxy ARP on VLANIF 4 of the Switch to solve this problem.

    1. Host A sends an ARP Request packet for the MAC address of Host B.
    2. After receiving the ARP Request packet, the Switch detects that the destination IP address is not its IP address and determines that the requested MAC address is not its MAC address. The Switch then checks whether there is an ARP entry of Host B.
      • If there is an ARP entry that matches Host B and VLAN information in this entry is different from that in the receiving port, the Switch checks whether inter-VLAN proxy ARP is enabled on the corresponding VLANIF interface.
        • If inter-VLAN proxy ARP is enabled, the Switch sends the MAC address of VLANIF 4 to Host A.

          After receiving the ARP Replay packet from the Switch, Host A considers the packet as the ARP Replay packet from Host B. Host A learns the MAC address of VLANIF 4 on the Switch and uses this MAC address to send data packets to Host B.

        • If inter-VLAN proxy ARP is not enabled, the Switch discards the ARP Request packet sent by Host A.
      • If there is no ARP entry of Host B, the Switch discards the ARP Request packet sent by Host A, and checks whether inter-VLAN proxy ARP is enabled on the corresponding VLANIF interface.
        • If inter-VLAN proxy ARP is enabled, the Switch broadcasts the ARP Request packet with the IP address of Host B as the destination IP address within VLAN 2. After the Switch receives an ARP Reply packet from Host B, the Switch generates an ARP entry indicating the mapping between the IP and MAC addresses of Host B.
        • If inter-VLAN proxy ARP is not enabled, the Switch does not perform any operations.
Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004354

Views: 69351

Downloads: 147

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next